Expert Comments

Expert Insight: Docker Malware Is Now Common – Devs Need To React Accordingly

Expert(s):
Expert(s):

Towards the end of 2017, there was a major shift in the malware scene. As cloud-based technologies became more popular, cybercrime gangs began targeting Docker and Kubernetes systems. Most of these attacks followed a very simple pattern where threat actors scanned for misconfigured systems that had admin interfaces exposed online in order to take over servers and deploy cryptocurrency-mining malware.

Over the past three years, these attacks have intensified, and new malware strains and threat actors targeting Docker (and Kubernetes) are now being discovered on a regular basis.  

But despite the fact that malware attacks on Docker servers are now commonplace, many web developers and infrastructure engineers have not yet learned their lesson and are still misconfiguring Docker servers, leaving them exposed to attacks. The most common of these mistakes is leaving Docker remote administration API endpoints exposed online without authentication.

https://www.zdnet.com/article/docker-malware-is-now-common-so-devs-need-to-take-docker-security-seriously/

Experts Comments

Dot Your Expert Comments
Mark Bower
December 02, 2020
Senior Vice President
comforte AG

To thwart the variations of malware and attacks from misconfiguration or API exploitation, a data-centric approach is vital.
Platforms like Kubernetes enable immense application delivery power. However, the built-in security controls reflect classical data-at-rest and transport encryption, perimeter, and access control based security. While these controls are important, the last decade has seen leading enterprises and data processors shift towards data-centric over perimeter controls to combat advanced malware, ransomware, and insider risk to sensitive data. Fundamentally, to thwart the variations of malware and.....Read More
Platforms like Kubernetes enable immense application delivery power. However, the built-in security controls reflect classical data-at-rest and transport encryption, perimeter, and access control based security. While these controls are important, the last decade has seen leading enterprises and data processors shift towards data-centric over perimeter controls to combat advanced malware, ransomware, and insider risk to sensitive data. Fundamentally, to thwart the variations of malware and attacks from misconfiguration or API exploitation, a data-centric approach is vital even with advanced container and app orchestration ecosystems to avoid data compromise or attacks that can create havoc for data-hungry enterprises depending on them.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...